; NOTE: Assertions have been autogenerated by utils/update_test_checks.py
; RUN: opt < %s -passes=instcombine -S | FileCheck %s
; PR1201
target datalayout = "p:32:32:32"
define i32 @main(i32 %argc, ptr %argv) {
; CHECK-LABEL: @main(
; CHECK-NEXT: ret i32 0
;
%c_19 = alloca ptr
%malloc_206 = tail call ptr @malloc(i32 mul (i32 ptrtoint (ptr getelementptr (i8, ptr null, i32 1) to i32), i32 10))
store ptr %malloc_206, ptr %c_19
%tmp_207 = load ptr, ptr %c_19
tail call void @free(ptr %tmp_207)
ret i32 0
}
define i32 @dead_aligned_alloc(i32 %size, i32 %alignment, i8 %value) {
; CHECK-LABEL: @dead_aligned_alloc(
; CHECK-NEXT: ret i32 0
;
%aligned_allocation = tail call ptr @aligned_alloc(i32 %alignment, i32 %size)
store i8 %value, ptr %aligned_allocation
tail call void @free(ptr %aligned_allocation)
ret i32 0
}
define i1 @aligned_alloc_only_pointe(i32 %size, i32 %alignment, i8 %value) {
; CHECK-LABEL: @aligned_alloc_only_pointe(
; CHECK-NEXT: [[ALIGNED_ALLOCATION:%.*]] = tail call ptr @aligned_alloc(i32 [[ALIGNMENT:%.*]], i32 [[SIZE:%.*]])
; CHECK-NEXT: [[CMP:%.*]] = icmp ne ptr [[ALIGNED_ALLOCATION]], null
; CHECK-NEXT: ret i1 [[CMP]]
;
%aligned_allocation = tail call ptr @aligned_alloc(i32 %alignment, i32 %size)
%cmp = icmp ne ptr %aligned_allocation, null
ret i1 %cmp
}
define i1 @aligned_alloc_pointer_only_used_by_cmp_alignment_and_value_known_ok(i32 %size, i32 %alignment, i8 %value) {
; CHECK-LABEL: @aligned_alloc_pointer_only_used_by_cmp_alignment_and_value_known_ok(
; CHECK-NEXT: ret i1 true
;
%aligned_allocation = tail call ptr @aligned_alloc(i32 8, i32 32)
%cmp = icmp ne ptr %aligned_allocation, null
ret i1 %cmp
}
define i1 @aligned_alloc_pointer_only_used_by_cmp_alignment_no_power_of_2(i32 %size, i32 %alignment, i8 %value) {
; CHECK-LABEL: @aligned_alloc_pointer_only_used_by_cmp_alignment_no_power_of_2(
; CHECK-NEXT: [[ALIGNED_ALLOCATION:%.*]] = tail call dereferenceable_or_null(32) ptr @aligned_alloc(i32 3, i32 32)
; CHECK-NEXT: [[CMP:%.*]] = icmp ne ptr [[ALIGNED_ALLOCATION]], null
; CHECK-NEXT: ret i1 [[CMP]]
;
%aligned_allocation = tail call ptr @aligned_alloc(i32 3, i32 32)
%cmp = icmp ne ptr %aligned_allocation, null
ret i1 %cmp
}
define i1 @aligned_alloc_pointer_only_used_by_cmp_size_not_multiple_of_alignment(i32 %size, i32 %alignment, i8 %value) {
; CHECK-LABEL: @aligned_alloc_pointer_only_used_by_cmp_size_not_multiple_of_alignment(
; CHECK-NEXT: [[ALIGNED_ALLOCATION:%.*]] = tail call dereferenceable_or_null(31) ptr @aligned_alloc(i32 8, i32 31)
; CHECK-NEXT: [[CMP:%.*]] = icmp ne ptr [[ALIGNED_ALLOCATION]], null
; CHECK-NEXT: ret i1 [[CMP]]
;
%aligned_allocation = tail call ptr @aligned_alloc(i32 8, i32 31)
%cmp = icmp ne ptr %aligned_allocation, null
ret i1 %cmp
}
; This test uses a aligned allocation function different to @aligned_alloc,
; and should be treated as having @aligned_alloc's constraints on alignment
; and size operands.
define i1 @other_aligned_allocation_function(i32 %size, i32 %alignment, i8 %value) {
; CHECK-LABEL: @other_aligned_allocation_function(
; CHECK-NEXT: ret i1 true
;
%aligned_allocation = tail call ptr @other_aligned_alloc(i32 %alignment, i32 %size)
%cmp = icmp ne ptr %aligned_allocation, null
ret i1 %cmp
}
declare noalias ptr @calloc(i32, i32) nounwind allockind("alloc,zeroed") allocsize(0,1) "alloc-family"="malloc"
declare noalias ptr @malloc(i32) allockind("alloc,uninitialized") allocsize(0) "alloc-family"="malloc"
declare noalias ptr @aligned_alloc(i32, i32) allockind("alloc,uninitialized,aligned") allocsize(1) "alloc-family"="malloc"
declare noalias ptr @other_aligned_alloc(i32, i32) allockind("alloc,uninitialized,aligned") allocsize(1) "alloc-family"="malloc"
declare void @free(ptr) allockind("free") "alloc-family"="malloc"
define i1 @foo() {
; CHECK-LABEL: @foo(
; CHECK-NEXT: ret i1 false
;
%m = call ptr @malloc(i32 1)
%z = icmp eq ptr %m, null
call void @free(ptr %m)
ret i1 %z
}
declare void @llvm.lifetime.start.p0(i64, ptr)
declare void @llvm.lifetime.end.p0(i64, ptr)
declare i64 @llvm.objectsize.i64(ptr, i1)
declare void @llvm.memcpy.p0.p0.i32(ptr nocapture, ptr nocapture, i32, i1) nounwind
declare void @llvm.memmove.p0.p0.i32(ptr nocapture, ptr nocapture, i32, i1) nounwind
declare void @llvm.memset.p0.i32(ptr, i8, i32, i1) nounwind
define void @test3(ptr %src) {
; CHECK-LABEL: @test3(
; CHECK-NEXT: ret void
;
%a = call noalias ptr @malloc(i32 10)
call void @llvm.lifetime.start.p0(i64 10, ptr %a)
call void @llvm.lifetime.end.p0(i64 10, ptr %a)
%size = call i64 @llvm.objectsize.i64(ptr %a, i1 true)
store i8 42, ptr %a
call void @llvm.memcpy.p0.p0.i32(ptr %a, ptr %src, i32 32, i1 false)
call void @llvm.memmove.p0.p0.i32(ptr %a, ptr %src, i32 32, i1 false)
call void @llvm.memset.p0.i32(ptr %a, i8 5, i32 32, i1 false)
%alloc2 = call noalias ptr @calloc(i32 5, i32 7) nounwind
%z = icmp ne ptr %alloc2, null
ret void
}
;; This used to crash.
define void @test4() {
; CHECK-LABEL: @test4(
; CHECK-NEXT: ret void
;
%A = call ptr @malloc(i32 16000)
call void @free(ptr %A)
ret void
}
define void @test5(ptr %ptr, ptr %esc) {
; CHECK-LABEL: @test5(
; CHECK-NEXT: [[A:%.*]] = call dereferenceable_or_null(700) ptr @malloc(i32 700)
; CHECK-NEXT: [[B:%.*]] = call dereferenceable_or_null(700) ptr @malloc(i32 700)
; CHECK-NEXT: [[C:%.*]] = call dereferenceable_or_null(700) ptr @malloc(i32 700)
; CHECK-NEXT: [[D:%.*]] = call dereferenceable_or_null(700) ptr @malloc(i32 700)
; CHECK-NEXT: [[E:%.*]] = call dereferenceable_or_null(700) ptr @malloc(i32 700)
; CHECK-NEXT: [[F:%.*]] = call dereferenceable_or_null(700) ptr @malloc(i32 700)
; CHECK-NEXT: [[G:%.*]] = call dereferenceable_or_null(700) ptr @malloc(i32 700)
; CHECK-NEXT: call void @llvm.memcpy.p0.p0.i32(ptr noundef nonnull align 1 dereferenceable(32) [[PTR:%.*]], ptr noundef nonnull align 1 dereferenceable(32) [[A]], i32 32, i1 false)
; CHECK-NEXT: call void @llvm.memmove.p0.p0.i32(ptr noundef nonnull align 1 dereferenceable(32) [[PTR]], ptr noundef nonnull align 1 dereferenceable(32) [[B]], i32 32, i1 false)
; CHECK-NEXT: store ptr [[C]], ptr [[ESC:%.*]], align 4
; CHECK-NEXT: call void @llvm.memcpy.p0.p0.i32(ptr [[D]], ptr [[PTR]], i32 32, i1 true)
; CHECK-NEXT: call void @llvm.memmove.p0.p0.i32(ptr [[E]], ptr [[PTR]], i32 32, i1 true)
; CHECK-NEXT: call void @llvm.memset.p0.i32(ptr [[F]], i8 5, i32 32, i1 true)
; CHECK-NEXT: store volatile i8 4, ptr [[G]], align 1
; CHECK-NEXT: ret void
;
%a = call ptr @malloc(i32 700)
%b = call ptr @malloc(i32 700)
%c = call ptr @malloc(i32 700)
%d = call ptr @malloc(i32 700)
%e = call ptr @malloc(i32 700)
%f = call ptr @malloc(i32 700)
%g = call ptr @malloc(i32 700)
call void @llvm.memcpy.p0.p0.i32(ptr %ptr, ptr %a, i32 32, i1 false)
call void @llvm.memmove.p0.p0.i32(ptr %ptr, ptr %b, i32 32, i1 false)
store ptr %c, ptr %esc
call void @llvm.memcpy.p0.p0.i32(ptr %d, ptr %ptr, i32 32, i1 true)
call void @llvm.memmove.p0.p0.i32(ptr %e, ptr %ptr, i32 32, i1 true)
call void @llvm.memset.p0.i32(ptr %f, i8 5, i32 32, i1 true)
store volatile i8 4, ptr %g
ret void
}
;; When a basic block contains only a call to free and this block is accessed
;; through a test of the argument of free against null, move the call in the
;; predecessor block.
;; Using simplifycfg will remove the empty basic block and the branch operation
;; Then, performing a dead elimination will remove the comparison.
;; This is what happens with -O1 and upper.
define void @test6(ptr %foo) minsize {
; CHECK-LABEL: @test6(
; CHECK-NEXT: entry:
; CHECK-NEXT: [[TOBOOL:%.*]] = icmp eq ptr [[FOO:%.*]], null
; CHECK-NEXT: tail call void @free(ptr [[FOO]])
; CHECK-NEXT: br i1 [[TOBOOL]], label [[IF_END:%.*]], label [[IF_THEN:%.*]]
; CHECK: if.then:
; CHECK-NEXT: br label [[IF_END]]
; CHECK: if.end:
; CHECK-NEXT: ret void
;
;; Call to free moved
;; Block is now empty and may be simplified by simplifycfg
entry:
%tobool = icmp eq ptr %foo, null
br i1 %tobool, label %if.end, label %if.then
if.then: ; preds = %entry
tail call void @free(ptr %foo)
br label %if.end
if.end: ; preds = %entry, %if.then
ret void
}
;; Check that the optimization that moves a call to free in its predecessor
;; block (see test6) also happens when noop casts are involved.
define void @test12(ptr %foo) minsize {
; CHECK-LABEL: @test12(
; CHECK-NEXT: entry:
; CHECK-NEXT: [[TOBOOL:%.*]] = icmp eq ptr [[FOO:%.*]], null
; CHECK-NEXT: tail call void @free(ptr [[FOO]])
; CHECK-NEXT: br i1 [[TOBOOL]], label [[IF_END:%.*]], label [[IF_THEN:%.*]]
; CHECK: if.then:
; CHECK-NEXT: br label [[IF_END]]
; CHECK: if.end:
; CHECK-NEXT: ret void
;
;; Everything before the call to free should have been moved as well.
;; Call to free moved
;; Block is now empty and may be simplified by simplifycfg
entry:
%tobool = icmp eq ptr %foo, null
br i1 %tobool, label %if.end, label %if.then
if.then: ; preds = %entry
tail call void @free(ptr %foo)
br label %if.end
if.end: ; preds = %entry, %if.then
ret void
}
;; Test that nonnull-implying attributes on the parameter are adjusted when the
;; call is moved, since they may no longer be valid and result in miscompiles if
;; kept unchanged.
define void @test_nonnull_free_move(ptr %foo) minsize {
; CHECK-LABEL: @test_nonnull_free_move(
; CHECK-NEXT: entry:
; CHECK-NEXT: [[TOBOOL:%.*]] = icmp eq ptr [[FOO:%.*]], null
; CHECK-NEXT: tail call void @free(ptr [[FOO]])
; CHECK-NEXT: br i1 [[TOBOOL]], label [[IF_END:%.*]], label [[IF_THEN:%.*]]
; CHECK: if.then:
; CHECK-NEXT: br label [[IF_END]]
; CHECK: if.end:
; CHECK-NEXT: ret void
;
entry:
%tobool = icmp eq ptr %foo, null
br i1 %tobool, label %if.end, label %if.then
if.then: ; preds = %entry
tail call void @free(ptr nonnull %foo)
br label %if.end
if.end: ; preds = %entry, %if.then
ret void
}
define void @test_dereferenceable_free_move(ptr %foo) minsize {
; CHECK-LABEL: @test_dereferenceable_free_move(
; CHECK-NEXT: entry:
; CHECK-NEXT: [[TOBOOL:%.*]] = icmp eq ptr [[FOO:%.*]], null
; CHECK-NEXT: tail call void @free(ptr dereferenceable_or_null(4) [[FOO]])
; CHECK-NEXT: br i1 [[TOBOOL]], label [[IF_END:%.*]], label [[IF_THEN:%.*]]
; CHECK: if.then:
; CHECK-NEXT: br label [[IF_END]]
; CHECK: if.end:
; CHECK-NEXT: ret void
;
entry:
%tobool = icmp eq ptr %foo, null
br i1 %tobool, label %if.end, label %if.then
if.then: ; preds = %entry
tail call void @free(ptr dereferenceable(4) %foo)
br label %if.end
if.end: ; preds = %entry, %if.then
ret void
}
define void @test_nonnull_dereferenceable_free_move(ptr %foo) minsize {
; CHECK-LABEL: @test_nonnull_dereferenceable_free_move(
; CHECK-NEXT: entry:
; CHECK-NEXT: [[TOBOOL:%.*]] = icmp eq ptr [[FOO:%.*]], null
; CHECK-NEXT: tail call void @free(ptr dereferenceable_or_null(16) [[FOO]])
; CHECK-NEXT: br i1 [[TOBOOL]], label [[IF_END:%.*]], label [[IF_THEN:%.*]]
; CHECK: if.then:
; CHECK-NEXT: br label [[IF_END]]
; CHECK: if.end:
; CHECK-NEXT: ret void
;
entry:
%tobool = icmp eq ptr %foo, null
br i1 %tobool, label %if.end, label %if.then
if.then: ; preds = %entry
tail call void @free(ptr nonnull dereferenceable(16) %foo)
br label %if.end
if.end: ; preds = %entry, %if.then
ret void
}
; The next four tests cover the semantics of the nofree attributes. These
; are thought to be legal transforms, but an implementation thereof has
; been reverted once due to difficult to isolate fallout.
; TODO: Freeing a no-free pointer -> %foo must be null
define void @test13(ptr nofree %foo) {
; CHECK-LABEL: @test13(
; CHECK-NEXT: call void @free(ptr [[FOO:%.*]])
; CHECK-NEXT: ret void
;
call void @free(ptr %foo)
ret void
}
; TODO: Freeing a no-free pointer -> %foo must be null
define void @test14(ptr %foo) nofree {
; CHECK-LABEL: @test14(
; CHECK-NEXT: call void @free(ptr [[FOO:%.*]])
; CHECK-NEXT: ret void
;
call void @free(ptr %foo)
ret void
}
; TODO: free call marked no-free -> %foo must be null
define void @test15(ptr %foo) {
; CHECK-LABEL: @test15(
; CHECK-NEXT: call void @free(ptr [[FOO:%.*]]) #[[ATTR8:[0-9]+]]
; CHECK-NEXT: ret void
;
call void @free(ptr %foo) nofree
ret void
}
; TODO: freeing a nonnull nofree pointer -> full UB
define void @test16(ptr nonnull nofree %foo) {
; CHECK-LABEL: @test16(
; CHECK-NEXT: call void @free(ptr [[FOO:%.*]])
; CHECK-NEXT: ret void
;
call void @free(ptr %foo)
ret void
}
Codebase Browser
llvm